Privacy Policy

Digimarc Corporation is concerned about privacy issues and wants you to be familiar with how we collect, use and disclose information.

Last updated: May 2018

This privacy policy explains the personal data we process, how we process that data, and why we process that data. Personal data is information that identifies or that is capable of identifying a natural person. Processing is any operation that may be performed on personal data and includes collecting, storing, using, and erasing personal data.

References to Digimarc products in this privacy policy include Digimarc’s products, services, website, mobile apps, and other software.

Personal Data We Collect

We collect personal data from you through your registration for and interaction with our products for the purposes described below. These purposes include providing our products, analyzing your use of our products, improving our products, and developing new products.

We also may obtain personal data about you from third parties. We process this data in accordance with this privacy policy and any additional restrictions placed on the processing of that data by the third party providers.

The personal data we collect from you depends on which of our products you use and the other interactions you have with us. This data may include:

  • Name and contact information. Personal data you provide us when registering for our products, including first and last name, email address, postal address, phone number, and similar information.
  • Credentials. Usernames and passwords you create to access and use our products.
  • Demographic data. Your country of residence.
  • Device and usage data. Personal data about your use of our products, including the activities you perform on your account, the Digimarc webpages you visit, and the devices from which you access our products, including IP address and device identifier. This data may be obtained from your use of our software as integrated in third party products.
  • Content. Content you provide us through your use of our products. For example, images and audio content you upload to the Digimarc Barcode Manager.
  • Location data. Personal data about your device’s city-level location, based on your device’s IP address.
  • Other data you provide. Other personal data you provide us through use of our products, including messages, survey responses, and other feedback.

We may obtain personal data about you from third parties. When we do so, we process that data consistent with this policy and subject to any additional restrictions placed on that processing by the third party providing us that data.

Personal Data Use

We use your personal data to provide products, operate our business, comply with our legal and contractual obligations, protect our systems and customers, and to fulfill our other legitimate interests.

  • Provide our products. We use your personal data to operate our products and services.
  • Improve our products and develop new products. We use your personal data to monitor and improve performance of our products and to develop new products. This may include our use of location-based product usage information to optimize delivery of our products and the performance of our products, and the use of error report information to diagnose and correct problems with our products.
  • Provide customer support. We use your personal data to diagnose and correct problems with our products, including by responding to support requests and providing other support services.
  • Provide promotional communications. We use your personal data to provide promotional communications. You can unsubscribe from these communications at any time by clicking the “unsubscribe” link in the footer of those communications.
  • Negotiate and perform contracts. We use your personal data to negotiate contracts with you and to perform contracts we have entered with you.
  • Transact commerce. We use your personal data to process commercial transactions you request to undertake with us.
  • Analyze business operations. We use personal data to analyze business operations and to engage in other business intelligence activities.
  • Comply with the law. We use your personal data to comply with our legal obligations.

Personal Data Sharing

We may share your personal data with our subsidiaries and with our third party service providers. We may also share your personal data with third parties to exercise our legal rights and perform our legal obligations, and in other circumstances where you have granted us permission to share your personal data.

  • Subsidiaries. We may share your personal data with our subsidiaries for the purposes stated in this privacy policy.
  • Third party service providers. We may share your personal data with third party services providers who process data on our behalf in ways that are consistent with this privacy policy.
  • Third parties for legal purposes. We may share your personal data as required by law or as necessary to exercise our legal rights. For example, we may share your personal data as required by law enforcement or in connection with legal proceedings, and transfer your data in connection with a sale, merger, transfer, or reorganization of our business or business assets.
  • Permission. We may share your personal data in other circumstances where you have given us permission to do so.

Where We Process Personal Data

We may process your personal data in the United States and in any other country where we, our subsidiaries, or our service providers maintain facilities. We choose data processing locations to optimize delivery of our products, to create redundancies to protect data, and to continue to provide our products in the event of an outage. Our service providers maintain facilities throughout the world.

We transfer personal data from the European Economic Area and Switzerland to other countries, some of which have been determined by the European Commission not to have an adequate level of data protection. When we do so, we use contracts to ensure your rights and protections travel with your data. To learn more about the European Commission’s decisions on the adequacy of the protection of personal data in non-European Union countries, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

Our Retention of Personal Data

We retain your personal data as long as necessary to provide the products you have requested and to perform the contracts you have entered with us, to fulfill our legitimate interests, including to exercise our legal rights and to perform our legal obligations. Our need to retain personal data varies based on the type of data and the reasons we collected it, so our retention periods vary as well.

We use the following criteria to determine how long to retain personal data:

  • Customer expectations. We retain personal data consistent your expectations concerning the performance of the products we provide you.
  • Legitimate interests. We retain personal data to fulfill our legitimate interests.
  • Legal obligations. We retain personal data as required by data retention laws, to comply with government orders, and as necessary to meet preservation requirements in litigation. We also remove personal data if required to do so by law.

Data Security

We use data security technology and reasonable data security procedures to help protect your personal data from unauthorized access, use, disclosure, and alteration or destruction. These measures include storing your personal data on access-controlled computer systems and in secure storage facilities. We comply with applicable data protection laws, including applicable security breach notification laws.

Cookies

We use cookies to store your settings, to enable you to sign in to use our products, to analyze how our products perform, and to fulfill our other legitimate interests. You may control the data collected by cookies using controls in your Internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies.

Children

Our products are intended to be used by adults. We do not intentionally or knowingly collect personal data from children and we ask that children not provide personal data to us.

Changes To This Privacy Policy

We may update this privacy policy from time to time, including as necessary to comply with legal requirements and to describe changes to our data processing policies. When we post changes to this privacy policy, we will revise the “last updated” legend at the top of the privacy policy to indicate that changes have been made. We encourage you to review this privacy policy periodically.

Contact Us

If you have any questions or concerns about this privacy policy, please contact us at privacy [at] digimarc [dot] com.

European Economic Area and Switzerland Residents

Residents of countries in the European Economic Area and Switzerland have additional rights with respect to personal data. The following applies to residents of those countries with respect to whom we process personal data:

Data Controller

For purposes of this privacy policy, the data controller is:

Digimarc Corporation
9405 SW Gemini Drive
Beaverton, Oregon 97008
USA

Purposes and Legal Bases for Data Processing

The purposes for our processing of your personal data are described above.

The legal bases for our processing of your personal data are:

  • With your consent. We process your personal data when you have provided us your consent to do so, consistent with the scope of that consent. Where you have provided us consent to process your personal data, you may withdraw that consent at any time.
  • To fulfill a legitimate interest. We process your personal data to fulfill our legitimate interests.
  • To enter or perform a contract. We process your personal data as necessary to enter into and to perform contracts we have entered into you.
  • To comply with legal requirements. We process personal data as required by law.

Rights

Residents of countries in the European Economic Area and Switzerland have the following additional rights with respect to their personal data:

  • Right to information. You have the right to be informed of what personal data about you we are processing and the rationale for that processing.
  • Right of access. You have the right to request access to your personal data that we are processing.
  • Right of rectification. You have the right to request that we correct your personal data that we are processing if you believe that data is not up to date or is not accurate.
  • Right to withdraw consent. You have the right to withdraw your consent to our future processing of your personal data where our processing is based on your consent.
  • Right to object. You have the right to object to our processing of your personal data.
  • Right of erasure. You have the right to request that your personal data be deleted.
  • Right to restrict. You have the right to request that we restrict our processing of your personal data.
  • Right to data portability. You have the right to obtain a copy of your personal data in a structured and commonly used, machine-readable format where our automated processing of your personal data is based on your consent or based on a contract entered between us.

To exercise these rights, or to ask any questions or raise any concerns you may have about this privacy policy, please contact us at privacy [at] digimarc [dot] com. We will respond to your request within 30 days. We have the right to request that you verify your identity if you request to exercise these rights. You have the right to lodge a complaint with a supervisory authority. We encourage you to contact us before lodging a complaint so that we can address any concerns you may have directly with you.

For residents of France, you have the right to send us specific instructions regarding the use of your data after your death. Please contact us at the email address above to provide instructions.